wolfSSL SSL/TLS library, support up to TLS1.3
wolfcrypt/src/wolfmath.c@13:f67a6c6013ca, 2017-08-22 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue Aug 22 10:48:22 2017 +0000
- Revision:
- 13:f67a6c6013ca
wolfSSL3.12.0 with TLS1.3
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 13:f67a6c6013ca | 1 | /* wolfmath.c |
wolfSSL | 13:f67a6c6013ca | 2 | * |
wolfSSL | 13:f67a6c6013ca | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 13:f67a6c6013ca | 4 | * |
wolfSSL | 13:f67a6c6013ca | 5 | * This file is part of wolfSSL. |
wolfSSL | 13:f67a6c6013ca | 6 | * |
wolfSSL | 13:f67a6c6013ca | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 13:f67a6c6013ca | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 13:f67a6c6013ca | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 13:f67a6c6013ca | 10 | * (at your option) any later version. |
wolfSSL | 13:f67a6c6013ca | 11 | * |
wolfSSL | 13:f67a6c6013ca | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 13:f67a6c6013ca | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 13:f67a6c6013ca | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 13:f67a6c6013ca | 15 | * GNU General Public License for more details. |
wolfSSL | 13:f67a6c6013ca | 16 | * |
wolfSSL | 13:f67a6c6013ca | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 13:f67a6c6013ca | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 13:f67a6c6013ca | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 13:f67a6c6013ca | 20 | */ |
wolfSSL | 13:f67a6c6013ca | 21 | |
wolfSSL | 13:f67a6c6013ca | 22 | |
wolfSSL | 13:f67a6c6013ca | 23 | /* common functions for either math library */ |
wolfSSL | 13:f67a6c6013ca | 24 | |
wolfSSL | 13:f67a6c6013ca | 25 | #ifdef HAVE_CONFIG_H |
wolfSSL | 13:f67a6c6013ca | 26 | #include <config.h> |
wolfSSL | 13:f67a6c6013ca | 27 | #endif |
wolfSSL | 13:f67a6c6013ca | 28 | |
wolfSSL | 13:f67a6c6013ca | 29 | /* in case user set USE_FAST_MATH there */ |
wolfSSL | 13:f67a6c6013ca | 30 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 13:f67a6c6013ca | 31 | |
wolfSSL | 13:f67a6c6013ca | 32 | #ifdef USE_FAST_MATH |
wolfSSL | 13:f67a6c6013ca | 33 | #include <wolfssl/wolfcrypt/tfm.h> |
wolfSSL | 13:f67a6c6013ca | 34 | #else |
wolfSSL | 13:f67a6c6013ca | 35 | #include <wolfssl/wolfcrypt/integer.h> |
wolfSSL | 13:f67a6c6013ca | 36 | #endif |
wolfSSL | 13:f67a6c6013ca | 37 | |
wolfSSL | 13:f67a6c6013ca | 38 | #include <wolfssl/wolfcrypt/error-crypt.h> |
wolfSSL | 13:f67a6c6013ca | 39 | #include <wolfssl/wolfcrypt/logging.h> |
wolfSSL | 13:f67a6c6013ca | 40 | |
wolfSSL | 13:f67a6c6013ca | 41 | #if defined(USE_FAST_MATH) || !defined(NO_BIG_INT) |
wolfSSL | 13:f67a6c6013ca | 42 | |
wolfSSL | 13:f67a6c6013ca | 43 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 13:f67a6c6013ca | 44 | #include <wolfssl/wolfcrypt/async.h> |
wolfSSL | 13:f67a6c6013ca | 45 | #endif |
wolfSSL | 13:f67a6c6013ca | 46 | |
wolfSSL | 13:f67a6c6013ca | 47 | #ifdef NO_INLINE |
wolfSSL | 13:f67a6c6013ca | 48 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 13:f67a6c6013ca | 49 | #else |
wolfSSL | 13:f67a6c6013ca | 50 | #define WOLFSSL_MISC_INCLUDED |
wolfSSL | 13:f67a6c6013ca | 51 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 13:f67a6c6013ca | 52 | #endif |
wolfSSL | 13:f67a6c6013ca | 53 | |
wolfSSL | 13:f67a6c6013ca | 54 | |
wolfSSL | 13:f67a6c6013ca | 55 | #if !defined(WC_NO_CACHE_RESISTANT) && \ |
wolfSSL | 13:f67a6c6013ca | 56 | ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ |
wolfSSL | 13:f67a6c6013ca | 57 | (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT))) |
wolfSSL | 13:f67a6c6013ca | 58 | |
/* Two-entry mask table: index 0 is all bits clear, index 1 is all bits set,
 * sized to the CPU word width selected below (64, 16, or default 32 bit).
 * The original note calls these "all off / all on pointer addresses for
 * constant calculations"; the enclosing #if only builds the table when
 * cache resistance is not disabled and a timing-resistant ECC or fast-math
 * configuration is selected.
 * NOTE(review): presumably indexed by a secret bit and ANDed with pointer
 * values so that selection does not depend on a secret-dependent branch --
 * confirm against the users of this table. */
/* ecc.c uses same table */
const wolfssl_word wc_off_on_addr[2] =
{
#if defined(WC_64BIT_CPU)
    W64LIT(0x0000000000000000),
    W64LIT(0xffffffffffffffff)
#elif defined(WC_16BIT_CPU)
    0x0000U,
    0xffffU
#else
    /* 32 bit */
    0x00000000U,
    0xffffffffU
#endif
};
wolfSSL | 13:f67a6c6013ca | 75 | #endif |
wolfSSL | 13:f67a6c6013ca | 76 | |
wolfSSL | 13:f67a6c6013ca | 77 | |
/* Report how many digits of the multi-precision integer are in use.
 *
 * a   number to inspect; may be NULL
 *
 * Returns a->used, or 0 when a is NULL (a NULL number is treated as empty
 * rather than dereferenced). */
int get_digit_count(mp_int* a)
{
    int count = 0;

    if (a != NULL) {
        count = a->used;
    }

    return count;
}
wolfSSL | 13:f67a6c6013ca | 85 | |
/* Bounds-checked read of one digit.
 *
 * a   number to read from; may be NULL
 * n   zero-based digit index
 *
 * Returns a->dp[n] when 0 <= n < a->used. A NULL number or an index outside
 * that range yields 0 instead of reading past the used digits. */
mp_digit get_digit(mp_int* a, int n)
{
    if (a == NULL) {
        return 0;
    }

    /* reject indices at or beyond the used length, and negative ones */
    if (n >= a->used || n < 0) {
        return 0;
    }

    return a->dp[n];
}
wolfSSL | 13:f67a6c6013ca | 93 | |
/* Fill one digit with random bytes.
 *
 * rng  random number generator handed to wc_RNG_GenerateBlock()
 * d    receives sizeof(mp_digit) random bytes
 *
 * Returns the wc_RNG_GenerateBlock() status unchanged. This wrapper does no
 * NULL checking of its own.
 * NOTE(review): every byte of the mp_digit storage is randomized; if the
 * active math backend uses fewer value bits per digit than the storage
 * type holds, the result can carry bits above that width -- confirm that
 * callers tolerate or mask this. */
int get_rand_digit(WC_RNG* rng, mp_digit* d)
{
    byte* out = (byte*)d;
    int   ret;

    ret = wc_RNG_GenerateBlock(rng, out, sizeof(mp_digit));

    return ret;
}
wolfSSL | 13:f67a6c6013ca | 98 | |
wolfSSL | 13:f67a6c6013ca | 99 | #ifdef WC_RSA_BLINDING |
/* Build a random multi-precision integer from `digits` random digits
 * (only compiled when WC_RSA_BLINDING is defined).
 *
 * a       receives the result; zeroed first
 * digits  number of random digits to place; <= 0 leaves a at zero
 * rng     random number generator; must not be NULL
 *
 * Returns MP_OKAY on success, MISSING_RNG_E when rng is NULL, BAD_FUNC_ARG
 * when a is NULL, otherwise the first failing status from
 * get_rand_digit(), mp_add_d() or mp_lshd().
 *
 * On a mid-way failure a is left holding the digits placed so far; it is
 * not cleared again, so callers must not use a after a non-zero return.
 * NOTE(review): get_rand_digit() randomizes the whole mp_digit storage; the
 * digit is added with mp_add_d() rather than stored directly, so whether the
 * result stays within `digits` digits depends on the backend's digit width
 * -- confirm for the non-fast-math build. */
int mp_rand(mp_int* a, int digits, WC_RNG* rng)
{
    int      ret;
    int      remaining;
    mp_digit d;

    if (rng == NULL) {
        return MISSING_RNG_E;
    }
    if (a == NULL) {
        return BAD_FUNC_ARG;
    }

    mp_zero(a);
    if (digits <= 0) {
        return MP_OKAY;
    }

    /* leading digit: keep drawing until it is non-zero */
    for (;;) {
        ret = get_rand_digit(rng, &d);
        if (ret != 0) {
            return ret;
        }
        if (d != 0) {
            break;
        }
    }

    ret = mp_add_d(a, d, a);
    if (ret != MP_OKAY) {
        return ret;
    }

    /* each remaining digit: shift what we have up by one digit, then add
     * a fresh random digit into the vacated low position */
    for (remaining = digits - 1; remaining > 0; remaining--) {
        ret = mp_lshd(a, 1);
        if (ret != MP_OKAY) {
            return ret;
        }

        ret = get_rand_digit(rng, &d);
        if (ret != 0) {
            return ret;
        }

        ret = mp_add_d(a, d, a);
        if (ret != MP_OKAY) {
            return ret;
        }
    }

    return ret;
}
wolfSSL | 13:f67a6c6013ca | 142 | #endif /* WC_RSA_BLINDING */ |
wolfSSL | 13:f67a6c6013ca | 143 | |
wolfSSL | 13:f67a6c6013ca | 144 | |
wolfSSL | 13:f67a6c6013ca | 145 | #ifdef HAVE_WOLF_BIGINT |
/* Put a WC_BIGINT into its empty state: no buffer, zero length, no heap hint.
 *
 * a   object to initialize; NULL is ignored
 *
 * The previous buf pointer is overwritten without being released, so this
 * must only be used on storage that does not currently own a buffer;
 * otherwise the old allocation is leaked with its contents intact. */
void wc_bigint_init(WC_BIGINT* a)
{
    if (a == NULL) {
        return;
    }

    a->buf  = NULL;
    a->len  = 0;
    a->heap = NULL;
}
wolfSSL | 13:f67a6c6013ca | 154 | |
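/* Ensure a holds a zero-filled buffer of sz bytes.
 *
 * a    object to size; must not be NULL
 * sz   requested length in bytes; 0 keeps any existing buffer but sets the
 *      logical length to 0
 *
 * An existing buffer is reused when it is at least sz bytes long and is
 * replaced by a new allocation when it is too small.
 *
 * Returns MP_OKAY on success, BAD_FUNC_ARG when a is NULL, MP_MEM when the
 * allocation fails.
 *
 * Compared with the earlier version:
 *  - previous contents are wiped over their full recorded length before the
 *    buffer is reused, shrunk or released, so bytes beyond the new length
 *    (which wc_bigint_zero() can no longer reach once len shrinks) do not
 *    linger on the heap;
 *  - on allocation failure len is left at 0 instead of sz, keeping the
 *    "buf == NULL implies len == 0" invariant that the export path relies
 *    on to avoid reporting bytes it never wrote. */
int wc_bigint_alloc(WC_BIGINT* a, word32 sz)
{
    int err = MP_OKAY;

    if (a == NULL)
        return BAD_FUNC_ARG;

    /* wipe whatever the buffer held before its length record changes */
    if (a->buf != NULL) {
        ForceZero(a->buf, a->len);
    }

    if (sz > 0) {
        /* too small to reuse: release and fall through to allocate */
        if (a->buf != NULL && sz > a->len) {
            wc_bigint_free(a);
        }

        if (a->buf == NULL) {
            a->buf = (byte*)XMALLOC(sz, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
            if (a->buf == NULL) {
                /* never advertise a length without a backing buffer */
                a->len = 0;
                return MP_MEM;
            }
            XMEMSET(a->buf, 0, sz);
        }
        /* reused buffer: already zeroed above over a->len >= sz bytes */
    }
    a->len = sz;

    return err;
}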
wolfSSL | 13:f67a6c6013ca | 180 | |
/* Load a raw byte string into a WC_BIGINT (input is assumed big endian).
 *
 * a      destination; sized via wc_bigint_alloc() to exactly inlen bytes
 * in     source bytes; must not be NULL
 * inlen  number of bytes to copy; must be non-zero
 *
 * Returns 0 on success, BAD_FUNC_ARG for a NULL pointer or zero length,
 * otherwise the wc_bigint_alloc() error. The copy length is the same value
 * the destination was just sized with, so the copy cannot exceed the
 * buffer when allocation succeeded. */
int wc_bigint_from_unsigned_bin(WC_BIGINT* a, const byte* in, word32 inlen)
{
    int err;

    if (a == NULL || in == NULL || inlen == 0) {
        return BAD_FUNC_ARG;
    }

    err = wc_bigint_alloc(a, inlen);
    if (err != 0) {
        return err;
    }

    XMEMCPY(a->buf, in, inlen);

    return err;
}
wolfSSL | 13:f67a6c6013ca | 196 | |
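/* Copy the bytes held by a WC_BIGINT into a caller buffer.
 *
 * a       source object; must not be NULL
 * out     destination buffer; must not be NULL
 * outlen  in: capacity of out in bytes (must be non-zero)
 *         out: number of bytes actually written
 *
 * Returns MP_OKAY, or BAD_FUNC_ARG for a NULL pointer or zero capacity.
 *
 * If the stored value is longer than the capacity, only the first *outlen
 * bytes are copied and MP_OKAY is still returned; the truncation is only
 * logged. Because *outlen then equals the capacity passed in, a caller
 * cannot tell truncation from an exact fit by the return value alone and
 * should size out from a->len beforehand when the full value matters.
 *
 * Fix over the earlier version: when a has no buffer, *outlen is now set to
 * 0. Previously it was set from a->len even though nothing was copied, so a
 * caller could treat uninitialized bytes in out as valid output. */
int wc_bigint_to_unsigned_bin(WC_BIGINT* a, byte* out, word32* outlen)
{
    word32 sz;

    if (a == NULL || out == NULL || outlen == NULL || *outlen == 0)
        return BAD_FUNC_ARG;

    /* nothing stored: report that nothing was written */
    if (a->buf == NULL) {
        *outlen = 0;
        return MP_OKAY;
    }

    /* trim to fit into output buffer */
    sz = a->len;
    if (sz > *outlen) {
        WOLFSSL_MSG("wc_bigint_export: Truncating output");
        sz = *outlen;
    }

    XMEMCPY(out, a->buf, sz);
    *outlen = sz;

    return MP_OKAY;
}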
wolfSSL | 13:f67a6c6013ca | 219 | |
/* Wipe the contents of a WC_BIGINT buffer with ForceZero().
 *
 * a   object to wipe; NULL or an object without a buffer is ignored
 *
 * Only a->len bytes are cleared and the buffer stays allocated; use
 * wc_bigint_free() afterwards to release it. */
void wc_bigint_zero(WC_BIGINT* a)
{
    if (a == NULL || a->buf == NULL) {
        return;
    }

    ForceZero(a->buf, a->len);
}
wolfSSL | 13:f67a6c6013ca | 226 | |
/* Release the buffer owned by a WC_BIGINT and reset buf/len.
 *
 * a   object to release; NULL is ignored
 *
 * The heap hint is left untouched so the object can be allocated again.
 * The buffer is handed back to the allocator without being cleared; when
 * it may hold key material, call wc_bigint_zero() first. */
void wc_bigint_free(WC_BIGINT* a)
{
    if (a == NULL) {
        return;
    }

    if (a->buf != NULL) {
        XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT);
    }

    /* reset even when there was no buffer, so len never outlives buf */
    a->buf = NULL;
    a->len = 0;
}
wolfSSL | 13:f67a6c6013ca | 237 | |
/* Export an mp_int into a WC_BIGINT as an unsigned byte string.
 *
 * src  number to export; must not be NULL
 * dst  receives the bytes; resized with wc_bigint_alloc() to the size
 *      reported by mp_unsigned_bin_size(src)
 *
 * Returns MP_OKAY on success, BAD_FUNC_ARG for a NULL argument, otherwise
 * the error from wc_bigint_alloc() or mp_to_unsigned_bin(). */
int wc_mp_to_bigint(mp_int* src, WC_BIGINT* dst)
{
    int    err;
    word32 sz;

    if (src == NULL || dst == NULL) {
        return BAD_FUNC_ARG;
    }

    sz  = mp_unsigned_bin_size(src);
    err = wc_bigint_alloc(dst, sz);
    if (err != MP_OKAY) {
        return err;
    }

    /* destination was sized from the same number just above */
    return mp_to_unsigned_bin(src, dst->buf);
}
wolfSSL | 13:f67a6c6013ca | 253 | |
/* Import the bytes of a WC_BIGINT into an mp_int and release the source.
 *
 * src  source object; must not be NULL and must own a buffer
 * dst  receives the value via mp_read_unsigned_bin(); must not be NULL
 *
 * Returns BAD_FUNC_ARG for a NULL argument or an empty source, otherwise
 * the mp_read_unsigned_bin() status.
 *
 * src is consumed: once the arguments pass validation its buffer is freed
 * whether or not the import succeeded, and it is freed without being
 * cleared -- call wc_bigint_zero(src) beforehand if the bytes are
 * sensitive. */
int wc_bigint_to_mp(WC_BIGINT* src, mp_int* dst)
{
    int err;

    if (src == NULL || dst == NULL || src->buf == NULL) {
        return BAD_FUNC_ARG;
    }

    err = mp_read_unsigned_bin(dst, src->buf, src->len);

    /* source buffer is released on both success and failure */
    wc_bigint_free(src);

    return err;
}
wolfSSL | 13:f67a6c6013ca | 269 | |
wolfSSL | 13:f67a6c6013ca | 270 | #endif /* HAVE_WOLF_BIGINT */ |
wolfSSL | 13:f67a6c6013ca | 271 | |
wolfSSL | 13:f67a6c6013ca | 272 | #endif /* USE_FAST_MATH || !NO_BIG_INT */ |
wolfSSL | 13:f67a6c6013ca | 273 |